The Brexit deal provides a breeding ground for digital catastrophe

Negotiations around Brexit have kept the whole of Europe in suspense for years. Now beyond the last hurdle, a deal in one form or another 1,246 page trade agreement Achieved. Not an easy fee, but the document does not seem to have been read very carefully except for the publicly disputed fishing rights. This is indicated at least on page 921, by which those responsible are responsible for the use, security and communication structure or specifically: protocols and standards for encryption algorithms.

Eternal unnamed territory

On page 921 it is stated that data transfer, for example, vehicle records or fingerprints must be encrypted using the standard s / MIME function. The reason is simple: s / MIME is “integrated into modern email software packages including Outlook, Mozilla Mail and Netscape Communicator 4.x”.

This is exactly the problem because Mozilla Mail and Netscape cannot really be called “modern”. To refresh your memory: The last version of Netscape Communicator 4.x was released in August 2002.

If you forget what Netscape Communicator 4.0 looked like … pic.twitter.com/573xNdN3ZH

– Prof. P. Buchanan OBE (ill Philadelphia) December 26, 2020

Not to be confused with Mozilla Thunderbird Mozilla Mail was part of the Mozilla Application Suite. The software was last updated in 2006. Therefore, this program is not really “modern” in the sense of the Internet.

The worst thing, however, is that the document recommends the use of 1,024-bit RSA encryption and the SHA-1 hash algorithm. Each of these is out of date and no longer meets today’s security standards.

Brexit Document: Content copied from EU law

The News page Hakade Reveals the assumption that those responsible simply copied the relevant passage from the old document. In fact, the relevant EU legal text from 2008 seems to have already been discovered. However, experts have not checked to confirm whether the text is correct or updated. This opens the door for hackers – at least if the professionals responsible for enforcement look to themselves within the recommended standards.